Cyber chaos of Ukraine
“NATO doesn’t know who to turn to”
April 13, 2024, 1:42 p.m
Ukraine is still in the early stages of building up its cyber defense. “These functions are actually already being carried out in the armed forces with varying degrees of success, but cyber troops have not yet been created as a separate branch of the armed forces,” says Ukrainian security expert Kostiantyn Korsun in an interview with ntv.de. He criticizes unclear responsibilities caused by vanity and corruption. The Ukrainian army has a lot of experience, but due to a lack of laws, the system is not reliable.
ntv.de: Ukraine has been suffering from massive cyber attacks since 2014. Have attacks increased since the invasion?
Kostiantyn Korsun: Yes, both in scale and complexity. However, this is an estimate as there are no statistics in Ukraine that can be fully trusted. A lot of information is hidden. Only obvious incidents are known, for example the recent attacks on the mobile phone provider Kyivstar or the satellite television company Viasat. Some government agencies report individual victories, successes, cyberattacks repelled, and own attacks on adversary targets, but this data is not complete.
Kostiantyn Korsun is a cybersecurity expert.
(Photo: private)
Why?
There is not a single specialized government agency in Ukraine responsible for cybersecurity and, accordingly, capable of maintaining and publishing reliable statistics. The Ukrainian Security Service, the State Service for Special Communications and Information Protection, the Ministry of Digital Transformation and the National Security and Defense Council publish different data. However, these data do not match and therefore raise many questions about the credibility and source of the data.
Should such a body be created?
As far as I know, no. Because the competition is fierce, each of the players mentioned claims to be a leader in this area.
And that stands in the way of the formation of a central cybersecurity authority?
I think so. Political ambitions and internal competition significantly hinder the development of a unified strategy and the formation of a unified body. We’ve been talking about this for a long time. Especially since the war began in 2014.
How is Ukraine affected by Russian cyberattacks?
The massive attacks began on February 24, 2022. In particular against Ukrainian internet providers and telecommunications operators. The hacker attack on Kyivstar left people at home without communication and internet – a kinetic consequence that is visible in society. Kyivstar’s cyber team is one of the strongest in Ukraine, but it was hacked. The Internet is becoming the most important communication channel in modern society: news, mail, messaging, commerce, business, communication with family and friends, work meetings, fundraising and much more. It also includes intelligence information, coordination of military operations, volunteer work and influencing critical infrastructure. Russia is aware of this and is therefore constantly attacking online media and providers.
How safe is it to use the state-run Diia app, where Ukrainians store all their personal documents electronically, in light of Russian cyberattacks?
I criticized the Diia app and this solution in general even before the application was released because it is not a mature solution. There are many risks to citizens’ personal data, and during war these risks are magnified.
Is there help from Western countries, the USA and NATO?
It’s hard to say because, as I said, who should they help? Ukraine does not have one cybersecurity center, but rather four government agencies. And besides these, there are several others.
Why is that?
First of all, it is a legislative problem. This is a lengthy process that is influenced by politics, ratings and populism. Added to this is our eternal problem of corruption. Our Western partners want to help, but don’t know where to turn. Israel only has two cybersecurity positions and recently decided to merge them.
Why?
When there are many people, no one feels responsible for anything. If one body has full authority, it is responsible for all consequences of cyber attacks by the enemy. If she does not adequately protect the country, she will be punished.
Do you think Israel is a model that Ukraine could learn from?
Israel is a more technologically advanced country. For example, it is also the only thing the Americans allow to install Israeli information systems on their F-35 fighter jets. This shows the state of technological development. And since we are both at war, this is a country with which we can compare ourselves. Of course we have different types of wars, but still their war is also our war. And they centralize cybersecurity while we don’t. However, we have many experts and experience in large-scale warfare. Many of our successes are due to the enthusiasm of our people.
With Kostiantyn Korsun said Maryna Bratchyk